PATENT ABSTRACTS OF JAPAN 



(11) Publication number: 11-109859
(43) Date of publication of application: 23.04.1999
(51) Int.Cl.: G09C 1/00; G06F 7/58
(21) Application number: 09-290350
(71) Applicant: NEC CORP
(22) Date of filing: 06.10.1997
(72) Inventor: SHIMADA MICHIO

(54) METHOD FOR GENERATING PSEUDO-RANDOM NUMBER

(57) Abstract:

PROBLEM TO BE SOLVED: To generate an integer which is to be a candidate for a prime number at a low cost in a short time.

SOLUTION: A random number generation unit 101 generates at random an integer A which satisfies $0 < A < (P_1-1)(P_2-1)\cdots(P_m-1)$, in synchronization with the clock pulse from input terminal 180. $P_1, P_2, \ldots, P_m$ are prime numbers of 2 or more. A first operation means 4 calculates from this integer A an integer X, a prime number with a high probability, based on the expression

$X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

Here $a_k$ ($k = 1, 2, \ldots, m$) is an integer satisfying the congruence expression $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, and $B_k$ expresses $\{A \bmod (P_k-1)\} + 1$. An adder 107 outputs the integer X as an integer of a specific number of bits.



CLAIMS 



[Claim(s)] 

[Claim 1] A pseudorandom-numbers generation method comprising:
A random number generation step which, with m a positive integer and $P_1, P_2, \ldots, P_m$ prime numbers of 2 or more, generates by a random number generation means the pseudorandom numbers A which satisfy $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, based on the given integer $(P_1-1)(P_2-1)\cdots(P_m-1)$.
A 1st arithmetic step which, with $D_k$ being the two or more integers expressed by $D_1 = A$ and, for each integer k of 2 or more and m or less, by the formula $D_k = D_{k-1}/(P_k-1)$, with $B_k$ being the two or more integers expressed, for each positive integer k of m or less, by the formula $\{D_k \bmod (P_k-1)\} + 1$, and with $a_k$ being the two or more integers which satisfy the congruence expression $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, computes the integer X expressed by the formula $a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$, using a division means, a remainder arithmetic means, an adding means, and a multiplication means.
A 2nd arithmetic step which, with n a positive integer and Q an integer which satisfies the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, adds the integer $Q P_1 P_2 \cdots P_m$ to said integer X by an adding means, and generates and outputs an integer.

[Claim 2] The pseudorandom-numbers generation method according to claim 1, wherein said 1st arithmetic step comprises:
A division step which, with $D_1 = A$, computes by a division means, for each integer k of 2 or more and m or less, the quotient $D_{k+1} = D_k/(P_k-1)$ obtained when the integer $D_k$ is divided by the integer $(P_k-1)$, and the remainder $D_k \bmod (P_k-1)$.
A 1st summing step which adds 1, by the 1st adding means, to each of the remainders computed at said division step, and computes said two or more integers $B_k$, respectively.
A multiplication step which, using said multiplication means, multiplies each of said two or more integers computed by said 1st summing step by the integer $a_k (P_1 P_2 \cdots P_m / P_k)$ which corresponds to it.
A 2nd summing step which adds together, by the 2nd adding means, all the multiplication results of this multiplication step.
A remainder arithmetic step which computes, by a remainder arithmetic means, the remainder obtained when the added result of this 2nd summing step is divided by the integer $P_1 P_2 \cdots P_m$, and makes it said integer X.

[Claim 3] A pseudorandom-numbers generation method comprising:
A random number generation step which, with m a positive integer, k a positive integer of m or less, and $P_1, P_2, \ldots, P_m$ prime numbers of 2 or more, generates by two or more random number generation means, respectively, two or more pseudorandom numbers $A_k$ which satisfy $0 \le A_k < (P_k-1)$, based on the two or more given integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$.
A 1st arithmetic step which, with $B_k$ being the two or more integers expressed by the formula $A_k + 1$ and with $a_k$ being the two or more integers which satisfy the congruence expression $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, computes the integer X expressed by the formula $a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$, using a remainder arithmetic means, an adding means, and a multiplication means.
A 2nd arithmetic step which, with n a positive integer and Q an integer which satisfies the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, adds the integer $Q P_1 P_2 \cdots P_m$ to said integer X by an adding means, and generates and outputs an integer.

[Claim 4] The pseudorandom-numbers generation method according to claim 3, wherein said 1st arithmetic step comprises:
A 1st summing step which adds 1, by the 1st adding means, to each of said two or more pseudorandom numbers $A_k$ generated at said random number generation step, and computes said two or more integers $B_k$, respectively.
A multiplication step which, using said multiplication means, multiplies each of said two or more integers $B_k$ computed by said 1st summing step by the integer $a_k (P_1 P_2 \cdots P_m / P_k)$ which corresponds to it.
A 2nd summing step which adds together, by the 2nd adding means, all the multiplication results of this multiplication step.
A 2nd remainder arithmetic step which computes, by a remainder arithmetic means, the remainder obtained when the added result of this 2nd summing step is divided by the integer $P_1 P_2 \cdots P_m$, and makes it said integer X.

[Claim 5] A pseudorandom-numbers generator comprising:
A random number generation means which, with m a positive integer and $P_1, P_2, \ldots, P_m$ prime numbers of 2 or more, generates the pseudorandom numbers A which satisfy $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, based on the inputted integer $(P_1-1)(P_2-1)\cdots(P_m-1)$.
A 1st calculating means including a division means, a remainder arithmetic means, an adding means, and a multiplication means, which, with $D_k$ being the two or more integers expressed by $D_1 = A$ and, for each integer k of 2 or more and m or less, by the formula $D_k = D_{k-1}/(P_k-1)$, with $B_k$ being the two or more integers expressed, for each positive integer k of m or less, by the formula $\{D_k \bmod (P_k-1)\} + 1$, and with $a_k$ being the two or more integers which satisfy the congruence expression $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, compute the integer X expressed by the formula $a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.
A 2nd calculating means which, with n a positive integer and Q an integer which satisfies the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, adds the integer $Q P_1 P_2 \cdots P_m$ to said integer X, and generates and outputs an integer.

[Claim 6] The pseudorandom-numbers generator according to claim 5, wherein said 1st calculating means comprises:
Two or more division means which, with $D_1 = A$ for said pseudorandom numbers A, compute, for each integer k of 2 or more and m or less, the quotient $D_{k+1} = D_k/(P_k-1)$ obtained when the integer $D_k$ is divided by the integer $(P_k-1)$, and the remainder $D_k \bmod (P_k-1)$.
Two or more 1st adding means which add 1 to each of the remainders computed by said 1st remainder arithmetic means, and compute said two or more integers $B_k$, respectively.
Said two or more multiplication means which multiply each of said two or more integers $B_k$ computed by said 1st adding means by the integer $a_k (P_1 P_2 \cdots P_m / P_k)$ corresponding to it.
A 2nd adding means which adds together all the multiplication results of this multiplication means, and a remainder arithmetic means which computes the remainder obtained when the added result of this 2nd adding means is divided by the integer $P_1 P_2 \cdots P_m$, and outputs it as said integer X.



[Claim 7] A pseudorandom-numbers generator comprising:
Two or more random number generation means which, with m a positive integer, k a positive integer of m or less, and $P_1, P_2, \ldots, P_m$ prime numbers of 2 or more, generate, respectively, two or more pseudorandom numbers $A_k$ which satisfy $0 \le A_k < (P_k-1)$, based on the two or more inputted integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$.
A 1st calculating means including a remainder arithmetic means, an adding means, and a multiplication means, which, with $B_k$ being the two or more integers expressed by the formula $A_k + 1$ and with $a_k$ being the two or more integers which satisfy the congruence expression $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, compute the integer X expressed by the formula $a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.
A 2nd calculating means which, with n a positive integer and Q an integer which satisfies the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, adds the integer $Q P_1 P_2 \cdots P_m$ to said integer X, and generates and outputs an integer.

[Claim 8] The pseudorandom-numbers generator according to claim 7, wherein said 1st calculating means comprises:
Two or more 1st adding means which add 1 to each of said two or more pseudorandom numbers $A_k$ generated by said random number generation means, and compute said two or more integers $B_k$, respectively.
Said two or more multiplication means which multiply each of said two or more integers $B_k$ computed by said 1st adding means by the integer $a_k (P_1 P_2 \cdots P_m / P_k)$ corresponding to it.
A 2nd adding means which adds together all the multiplication results of this multiplication means.
A remainder arithmetic means which computes the remainder obtained when the added result of this 2nd adding means is divided by the integer $P_1 P_2 \cdots P_m$, and outputs it as said integer X.

[Claim 9] The pseudorandom-numbers generator according to claim 6 or 8, wherein said multiplication means is constituted by ROM.

[Claim 10] The pseudorandom-numbers generator according to claim 6 or 8, wherein the aforementioned remainder arithmetic means contains the 1st and 2nd ROM and the 1st and 2nd adding machines; among the two or more bits which constitute the output data of said 2nd adding means, two or more low-order bits are supplied to one input terminal of said 1st adding machine, the remaining bits are supplied to an address terminal of said 1st ROM, and the output data of said 1st ROM is supplied to the other input terminal of said 1st adding machine; among the two or more bits which constitute the output data of said 1st adding machine, two or more low-order bits are supplied to one input terminal of said 2nd adding machine, the remaining bits are supplied to an address terminal of said 2nd ROM, and the output data of said 2nd ROM is supplied to the other input terminal of said 2nd adding machine; and the output data of said 2nd adding machine is outputted as the computed result of said remainder of the aforementioned remainder arithmetic means.
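The method of claims 1 and 2 worked through in Python, as an added example that is not part of the patent text. The function names, the digit extraction order taken from claim 2 (D_1 = A, D_{k+1} = D_k/(P_k-1)), the choice of the smallest admissible Q, and the sample primes are assumptions made here; the primes are assumed distinct.

```python
"""Prime-candidate generation by the Chinese remainder theorem (added example)."""
import secrets
from math import gcd, prod


def crt_coefficients(primes):
    """Return a_k with a_k * (M / P_k) == 1 (mod P_k), where M = P_1 * ... * P_m."""
    M = prod(primes)
    return [pow(M // p, -1, p) for p in primes]


def residues_from_a(A, primes):
    """Split A into B_k = (D_k mod (P_k - 1)) + 1, with D_1 = A and
    D_{k+1} = D_k // (P_k - 1). Each B_k lies in 1 .. P_k - 1, never 0."""
    B, D = [], A
    for p in primes:
        D, r = divmod(D, p - 1)
        B.append(r + 1)
    return B


def choose_q(n, M):
    """Smallest Q with 2^(n-1) <= Q*M and (Q+1)*M <= 2^n, or None if none exists.
    (Taking the smallest such Q is an assumption of this example.)"""
    Q = -(-(1 << (n - 1)) // M)  # ceiling of 2^(n-1) / M
    return Q if (Q + 1) * M <= (1 << n) else None


def candidate(A, primes, n):
    """Map A in [0, prod(P_k - 1)) to an n-bit integer coprime to every P_k."""
    if len(set(primes)) != len(primes):
        raise ValueError("primes must be distinct")
    if not 0 <= A < prod(p - 1 for p in primes):
        raise ValueError("A out of range")
    M = prod(primes)
    Q = choose_q(n, M)
    if Q is None:
        raise ValueError("no Q satisfies both bit-length conditions")
    a = crt_coefficients(primes)
    B = residues_from_a(A, primes)
    # 1st arithmetic step: X = sum a_k (M / P_k) B_k (mod M), so X == B_k (mod P_k).
    X = sum(ak * (M // p) * bk for ak, p, bk in zip(a, primes, B)) % M
    # 2nd arithmetic step: shift X into the n-bit range.
    return X + Q * M


def coprime_to_all(x, primes):
    """True when x shares no factor with any of the small primes."""
    return all(gcd(x, p) == 1 for p in primes)


if __name__ == "__main__":
    small_primes = [2, 3, 5, 7, 11, 13]  # sample values chosen for the demo
    A = secrets.randbelow(prod(p - 1 for p in small_primes))
    c = candidate(A, small_primes, 32)
    print(A, c, c.bit_length(), coprime_to_all(c, small_primes))
```

Every output is coprime to each $P_k$ without trial division, but only $(P_1-1)(P_2-1)\cdots(P_m-1)$ distinct candidates exist, so A has to come from a cryptographically strong source and the candidate still has to pass a primality test.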



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the method and device which generate pseudorandom numbers.

[0002] 

[Description of the Prior Art] Conventionally, in order that the transmitted data in communications systems, such as a telephone, a modem, or television, may not be intercepted by a third party, transmit information is encrypted by carrying out exclusive OR addition of the pseudorandom numbers to it. Two methods of encryption are known: the conventional cipher, which uses the same key for encryption and decryption, and public key encryption, which uses different keys for encryption and decryption. Among these, the public-key crypto system has the advantage that management of a key is easy, since the time and effort of delivering a key beforehand in advance of communication can be saved and management of the key needs to be performed only by the receiver.

[0003] In a public-key cryptosystem, a receiver decrypts information using a secret key, and a prime number of hundreds to thousands of bits is usually used for this secret key. How to generate a prime number with so many bits efficiently and at random has therefore been an important technical problem.
[0004] To generate a prime number of a specific number of bits, fundamentally an integer of that number of bits is first generated at random and it is judged whether it is a prime number; since no formula exists for generating such a prime number, this must be repeated until a prime number is obtained. However, since a lot of calculation is required to judge whether an integer is a prime number, the time has conventionally been shortened by first generating, as a candidate for a prime number, an integer with a high probability of being prime rather than merely an integer of the specific number of bits at random, and then judging whether that integer is a prime number.
[0005] Drawing 4 is a flow chart which shows how such a conventional prime candidate is generated. As shown in this figure, with $n$ a positive integer, an $n$-bit integer $X$ (pseudorandom number) is first generated at random (Procedure 410). However, $X$ is clearly not a prime number if it is even, and it is not an $n$-bit integer if its high-order bit is zero, so the least significant bit and the most significant bit of $X$ are set to 1 (Procedure 420). Next, the positive integer $j$ is set to 1 (Procedure 430), and it is checked whether $X$ is divisible by $P_j$; when $X$ is divisible by $P_j$, control is moved to Procedure 410, and when it is not divisible, control is moved to Procedure 450. In Procedure 450 it is checked whether $j = m$; if $j = m$, processing ends and $X$ is outputted as a candidate for a prime number (pseudorandom number), and if $j \ne m$, control is moved to Procedure 460. In Procedure 460, $j$ is set to $j + 1$ and control is moved to 440. Here $m$ is a positive integer decided beforehand, and $P_1, P_2, \ldots, P_m$ are mutually different small prime numbers. Since an integer $X$ generated in this way does not have $P_1, P_2, \ldots, P_m$ as prime factors, its probability of being a prime number is higher than that of an $n$-bit integer simply generated at random, and a prime number of the specific number of bits can be obtained efficiently.
[0006] The conventional prime-number-generation method and public-key encryption are explained in detail in, for example, Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition", John Wiley & Sons, Inc., 1996.
[0007] 

[Problem(s) to be Solved by the Invention] However, from the prime number theorem, the probability that an $n$-bit integer generated at random is a prime number is known to be about $1/n$. Therefore, in the conventional method, about $n$ integers needed to be generated at random in order to obtain one prime candidate. And since a prime number of hundreds to thousands of bits is used as a secret key as mentioned above, obtaining one candidate for such a secret key required generating integers hundreds to thousands of times and, each time, dividing the generated integer by the prime numbers $P_j$ to check whether it was divisible by $P_j$, so a large number of operations needed to be performed. Obtaining a prime candidate therefore took time, and since a divider is required in order to perform the division, the device became expensive.

[0008] The purpose of this invention is therefore to provide a pseudorandom-numbers generation method and device which can generate an integer serving as a candidate for a prime number in a short time and at low cost.
[0009] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, a pseudorandom-numbers generation method of this invention, with $m$ a positive integer and $P_1, P_2, \ldots, P_m$ two or more prime numbers, includes: a random number generation step which, based on the given integer $(P_1-1)(P_2-1)\cdots(P_m-1)$, generates by a random number generation means a pseudorandom number $A$ satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$; a 1st arithmetic step which, with $D_k$ the two or more integers given by $D_1 = A$ and by the formula $D_k = D_{k-1}/(P_{k-1}-1)$ for integers $k$ from 2 to $m$, with $B_k$ the two or more integers given by the formula $\{D_k \bmod (P_k-1)\}+1$ for positive integers $k$ up to $m$, and with $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, computes, using a division means, a remainder arithmetic means, an adding means, and a multiplication means, the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$; and a 2nd arithmetic step which, with $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ by an adding means and outputs the integer so generated.

[0010] A pseudorandom-numbers generation method of this invention is provided with the following.

With $m$ a positive integer, $k$ a positive integer up to $m$, and $P_1, P_2, \ldots, P_m$ two or more prime numbers, a random number generation step which, based on two or more given integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$, generates by two or more random number generation means, respectively, two or more pseudorandom numbers $A_k$ satisfying $0 \le A_k < (P_k-1)$.

With $B_k$ the two or more integers given by the formula $A_k + 1$, and $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, a 1st arithmetic step that computes, using a remainder arithmetic means, an adding means, and a multiplication means, the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, a 2nd arithmetic step that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ by an adding means and outputs the integer so generated.

[0011] And a pseudorandom-numbers generator of this invention is provided with the following.

With $m$ a positive integer and $P_1, P_2, \ldots, P_m$ two or more prime numbers, a random number generation means to generate a pseudorandom number $A$ satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, based on the inputted integer $(P_1-1)(P_2-1)\cdots(P_m-1)$.

With $D_k$ the two or more integers given by $D_1 = A$ and by the formula $D_k = D_{k-1}/(P_{k-1}-1)$ for integers $k$ from 2 to $m$, with $B_k$ the two or more integers given by the formula $\{D_k \bmod (P_k-1)\}+1$ for positive integers $k$ up to $m$, and with $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, a 1st calculating means, including a division means, a remainder arithmetic means, an adding means, and a multiplication means, which computes the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, a 2nd calculating means that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ and outputs the integer so generated.



[0012] A pseudorandom-numbers generator of this invention is provided with the following.

With $m$ a positive integer, $k$ a positive integer up to $m$, and $P_1, P_2, \ldots, P_m$ two or more prime numbers, two or more random number generation means to generate, respectively, two or more pseudorandom numbers $A_k$ satisfying $0 \le A_k < (P_k-1)$, based on the two or more inputted integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$.

With $B_k$ the two or more integers given by the formula $A_k + 1$, and $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, a 1st calculating means, including a remainder arithmetic means, an adding means, and a multiplication means, which computes the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, a 2nd calculating means that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ and outputs the integer so generated.

[0013] The above-mentioned integer $B_k$ given by $\{D_k \bmod (P_k-1)\}+1$ satisfies $0 < B_k < P_k$ for any given nonnegative integer $D_k$. If $0 < B_k < P_k$, then $B_k \not\equiv 0 \pmod{P_k}$. Therefore, if $P_1, P_2, \ldots, P_m$ are mutually different prime numbers, a solution of the system of simultaneous linear congruences $X \equiv B_1 \pmod{P_1}$, $X \equiv B_2 \pmod{P_2}$, ..., $X \equiv B_m \pmod{P_m}$ exists, and if that solution is taken as $X$ (the above-mentioned integer $X$), $X$ is divisible by none of $P_1, P_2, \ldots, P_m$. That is, $X$ does not have the $m$ small prime numbers $P_1, P_2, \ldots, P_m$ as prime factors, and the probability that $X$ is a prime number is higher than the probability that an integer merely given at random is a prime number.

[0014] It is known that the solution $X$ of the above-mentioned system of simultaneous linear congruences is obtained simply by $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$, and in the pseudorandom-numbers generation method and device of this invention which first generate the one pseudorandom number $A$, the integer $X$ is computed by this formula in the above 1st arithmetic step and 1st calculating means. In the above 2nd arithmetic step and 2nd calculating means, $Q P_1 P_2 \cdots P_m$ is added to the integer $X$, so an $n$-bit integer is acquired as the final output.

[0015] In the pseudorandom-numbers generation method and device of this invention which first generate two or more pseudorandom numbers $A_k$, the random number generation step and the random number generation means generate pseudorandom numbers $A_k$ equivalent to the above-mentioned $D_k \bmod (P_k-1)$, the 1st arithmetic step and the 1st calculating means compute the integer $X$ from these pseudorandom numbers $A_k$, and the 2nd arithmetic step and the 2nd calculating means then generate an $n$-bit integer as in the case of the above-mentioned invention.
[0016] 



[Embodiment of the Invention] Next, an embodiment of the invention is described with reference to drawings. Drawing 1 is a functional block diagram showing the 1st embodiment of the pseudorandom-numbers generator by this invention. Below, with reference to this figure, the 1st embodiment of the pseudorandom-numbers generator by this invention is described, and the 1st embodiment of the corresponding pseudorandom-numbers generation method by this invention is described simultaneously.
[0017] This pseudorandom-numbers generator 2 is for generating candidates for the prime number used as the secret key of a public-key cryptosystem and, as shown in drawing 1, it is constituted by the random number generator 101 as the random number generation means concerning this invention, the 1st calculating means 4 concerning this invention, and the adding machine 107 as the 2nd calculating means concerning this invention. The 1st calculating means 4 is constituted by dividers $102_1, 102_2, \ldots, 102_m$ (division means concerning this invention), adding machines $103_1, 103_2, \ldots, 103_m$ (the 1st adding means concerning this invention), multipliers $104_1, 104_2, \ldots, 104_m$ (multiplication means concerning this invention), the adding machine 105 (the 2nd adding means concerning this invention), and the remainder arithmetic machine 106 (remainder arithmetic means concerning this invention).

[0018] A clock signal is supplied to the random number generator 101 through the input terminal 180 and, on the other hand, the integer $(P_1-1)(P_2-1)\cdots(P_m-1)$ is inputted to it through the input terminal 190. Here $m$ is a positive integer and $P_1, P_2, \ldots, P_m$ are two or more prime numbers. The random number generator 101 generates pseudorandom numbers $A$ satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$ in synchronization with each clock pulse of the above-mentioned clock signal, and outputs them to the 1st calculating means 4.

[0019] The function of the 1st calculating means 4 is to compute, based on the following [Equation 1], an integer $X$ (pseudorandom number) with a high probability of being a prime number.
[0020] 

[Equation 1] $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$

Here $a_k$ ($k = 1, 2, \ldots, m$) is an integer satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$. $B_1, B_2, \ldots, B_m$ are two or more integers whose values are determined by the formula $B_k = \{D_k \bmod (P_k-1)\}+1$, and here $D_1, D_2, \ldots, D_m$ are two or more integers whose values are determined by $D_1 = A$ and, for $k$ of 2 or more, by $D_k = D_{k-1}/(P_{k-1}-1)$. The reason why the integer $X$ expressed by [Equation 1] has a high probability of being a prime number is explained in detail later.
[0021] An integer $(P_k-1)$ is inputted into each divider $102_k$ ($k = 1, 2, \ldots, m$) which constitutes the 1st calculating means 4 through terminal $191_k$, and the above-mentioned pseudorandom number $A$ is inputted into divider $102_1$ from the random number generator 101. Divider $102_1$ computes the quotient $D_2 = A/(P_1-1)$ and the remainder $A \bmod (P_1-1)$ when the pseudorandom number $A$ is divided by the integer $(P_1-1)$, and outputs the quotient and the remainder; each divider $102_k$ ($k = 2, \ldots, m$) computes the quotient $D_{k+1} = D_k/(P_k-1)$ and the remainder $D_k \bmod (P_k-1)$ when the quotient $D_k$ outputted by the left-hand divider $102_{k-1}$ is divided by the integer $(P_k-1)$, and outputs the quotient and the remainder. The remainder which each divider $102_k$ ($k = 1, 2, \ldots, m$) outputs is outputted to the corresponding adding machine $103_k$, respectively. Below, for convenience of explanation, $D_1 = A$ is written. Into each adding machine $103_k$, "1" is inputted through the input terminal 192 together with the above-mentioned remainder from each divider $102_k$, and each adding machine $103_k$ adds one to the remainder $D_k \bmod (P_k-1)$ and outputs the result to the corresponding multiplier $104_k$ as the integer $B_k$ ($= \{D_k \bmod (P_k-1)\}+1$).
[0022] Into each multiplier $104_k$, the integer $a_k (P_1 P_2 \cdots P_m / P_k)$ is inputted through each terminal $193_k$ together with the added result $B_k$ from each adding machine $103_k$, and multiplier $104_k$ computes the product of this integer and the above-mentioned added result $B_k$ and outputs the result to the adding machine 105. Here $a_k$ is an integer satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$. The adding machine 105 adds all outputs of the multipliers $104_k$ and outputs the added result to the remainder arithmetic machine 106. Into the remainder arithmetic machine 106, together with this added result, the integer $P_1 P_2 \cdots P_m$, the product of the prime numbers $P_1, P_2, \ldots, P_m$, is inputted through the terminal 194. The remainder arithmetic machine 106 computes the remainder when the added result from the adding machine 105 is divided by the integer $P_1 P_2 \cdots P_m$, and outputs it to the adding machine 107 as the integer $X$.

[0023] Into the adding machine 107, together with the integer $X$ from the remainder arithmetic machine 106, the integer $Q P_1 P_2 \cdots P_m$, obtained by multiplying the above-mentioned integer $P_1 P_2 \cdots P_m$ by the integer $Q$, is inputted through the input terminal 195. The adding machine 107 outputs the integer (pseudorandom number) acquired by adding these integers as a candidate for a prime number used as a secret key. Here $Q$ is an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$.

[0024] Next, operation of the pseudorandom-numbers generator 2 constituted in this way is explained. When one clock pulse of the clock signal is inputted through the input terminal 180, the random number generator 101 generates at random, in synchronization with the clock pulse, an integer $A$ (pseudorandom number) satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, and supplies it to divider $102_1$ (random number generation step concerning this invention).

[0025] On the other hand, divider $102_1$ computes the quotient $D_2 = A/(P_1-1)$ and the remainder $A \bmod (P_1-1)$ when the pseudorandom number $A$ is divided by the integer $(P_1-1)$, and outputs the quotient and the remainder; each divider $102_k$ ($k = 2, \ldots, m$) computes the quotient $D_{k+1} = D_k/(P_k-1)$ and the remainder $D_k \bmod (P_k-1)$ when the quotient $D_k$ outputted by the left-hand divider $102_{k-1}$ is divided by the integer $(P_k-1)$, and outputs the quotient and the remainder. Each remainder is outputted to the corresponding adding machine $103_k$, respectively (division step concerning this invention). Below, for convenience of explanation, $D_1 = A$ is written. Each adding machine $103_k$ adds "1", inputted through the input terminal 192, to the remainder $D_k \bmod (P_k-1)$ from each remainder arithmetic machine $102_k$, and outputs the result $B_k$ ($= \{D_k \bmod (P_k-1)\}+1$) to the corresponding multiplier $104_k$ (the 1st summing step concerning this invention). Multiplier $104_k$ multiplies this added result $B_k$ by the integer $(P_1 P_2 \cdots P_m / P_k)$ inputted through the corresponding input terminal $193_k$, and outputs the result to the adding machine 105 (multiplication step concerning this invention).

[0026] Then the adding machine 105 adds all outputs of the multipliers $104_k$ and outputs the added result to the remainder arithmetic machine 106 (the 2nd summing step concerning this invention), and the remainder arithmetic machine 106 computes the remainder when the added result from the adding machine 105 is divided by the integer $P_1 P_2 \cdots P_m$ inputted through the input terminal 194, and outputs it to the adding machine 107 as the integer $X$ (remainder arithmetic step concerning this invention).
[0027] The adding machine 107 then adds the integer $Q P_1 P_2 \cdots P_m$, inputted through the input terminal 195, to the above-mentioned integer $X$ from the remainder arithmetic machine 106, and the acquired integer (pseudorandom number) is outputted from the output terminal 196 as a candidate for a prime number used as a secret key (the 2nd arithmetic step concerning this invention). The above-mentioned integer $X$ computed by [Equation 1] is an integer satisfying $0 \le X < P_1 P_2 \cdots P_m$, so it is not necessarily of the desired number of bits, i.e. an $n$-bit integer. However, the adding machine 107 adds to the integer $X$ the integer $Q P_1 P_2 \cdots P_m$, obtained by multiplying the integer $P_1 P_2 \cdots P_m$ by an integer $Q$ satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, so an $n$-bit integer is acquired. As a result, whenever a clock pulse is inputted into the random number generator 101 through the input terminal 180, a candidate for an $n$-bit prime number to be used as a secret key in a public-key cryptosystem is outputted one after another through the output terminal 196. To obtain pseudorandom numbers with a higher probability of being prime, it is preferred to choose the value of the above-mentioned $m$ as large as possible within the range in which a value of $Q$ exists.
[0028] Here it is explained in detail how the above [Equation 1] is derived and why the integer $X$ can serve as a candidate for a prime number. The above-mentioned integer $B_k$ given by $B_k = \{D_k \bmod (P_k-1)\}+1$ satisfies $0 < B_k < P_k$ for any given nonnegative integer $D_k$. If $0 < B_k < P_k$, then $B_k \not\equiv 0 \pmod{P_k}$. Therefore, if $P_1, P_2, \ldots, P_m$ are mutually different prime numbers, a solution of the system of simultaneous linear congruences $X \equiv B_1 \pmod{P_1}$, $X \equiv B_2 \pmod{P_2}$, ..., $X \equiv B_m \pmod{P_m}$ exists, and if that solution is taken as $X$ (the above-mentioned integer $X$), $X$ is divisible by none of $P_1, P_2, \ldots, P_m$. That is, $X$ does not have the $m$ small prime numbers $P_1, P_2, \ldots, P_m$ as prime factors, and the probability that $X$ is a prime number is higher than the probability that an integer merely generated at random is a prime number.
[0029] It is known that the solution $X$ of the above-mentioned system of simultaneous linear congruences is obtained simply by $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$, and the 1st calculating means 4 computes the integer $X$ by this formula, i.e. by [Equation 1].



[0030] Thus, according to this embodiment, when the random number generator generates one integer at random, one integer with a high probability of being a prime number, i.e. one candidate for a prime number, is always generated from that integer according to a predetermined computing equation ([Equation 1]). Therefore, compared with the conventional method which generates many integers at random and sorts out candidates, a candidate for a prime number can be obtained in an extremely short time. Conventionally, division needed to be done in order to investigate whether an integer is a candidate, but in this embodiment division is unnecessary, so the device can be constituted at low cost without using a divider.

[0031] The adding machine 107 adds $Q P_1 P_2 \cdots P_m$ to the integer $X$ from the remainder arithmetic machine 106. As a result, the $n$-bit candidate for a prime number (pseudorandom number) which the adding machine 107 outputs is not distributed uniformly over $\{2^{n-1}, \ldots, 2^n - 1\}$ but is distributed over $\{Q P_1 P_2 \cdots P_m, \ldots, (Q+1) P_1 P_2 \cdots P_m - 1\}$. Therefore, although these cannot be called statistically ideal pseudorandom numbers, this embodiment is sufficient in the case where the generated $n$-bit candidates for a prime number are used in order to obtain a secret key of public-key encryption.
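
The 1st embodiment (one random number A split by the dividers) and the 2nd embodiment (independent A_k), written out as an added Python example that is not part of the patent text. The prime list, n = 32, the choice of the smallest valid Q, the use of `secrets` as the random source, and all function names are assumptions made for illustration.

```python
import secrets
from math import prod

# Constructed example values for P_1 .. P_m (assumption, not from the patent).
SMALL_PRIMES = [2, 3, 5, 7, 11, 13]


def choose_q(primes, n):
    """Return the smallest Q with 2^(n-1) <= Q*M and (Q+1)*M <= 2^n, M = P_1...P_m."""
    M = prod(primes)
    q_min = -(-(1 << (n - 1)) // M)      # ceil(2^(n-1) / M)
    q_max = (1 << n) // M - 1            # largest Q with (Q+1)*M <= 2^n
    if q_min > q_max:
        raise ValueError("no Q exists: n is too small for this set of primes")
    return q_min


def combine(B, primes, n):
    """Equation 1 followed by the final addition of Q*M (adding machine 107)."""
    M = prod(primes)
    total = 0
    for b, p in zip(B, primes):
        if not 0 < b < p:
            raise ValueError("each B_k must satisfy 0 < B_k < P_k")
        cofactor = M // p                # P_1...P_m / P_k
        a_k = pow(cofactor, -1, p)       # a_k * cofactor ≡ 1 (mod P_k)
        total += a_k * cofactor * b      # multiplier 104_k, summed by adder 105
    X = total % M                        # remainder arithmetic machine 106
    return X + choose_q(primes, n) * M


def residues_from_A(A, primes):
    """1st embodiment: D_1 = A, D_(k+1) = D_k // (P_k-1), B_k = D_k mod (P_k-1) + 1."""
    bound = prod(p - 1 for p in primes)
    if not 0 <= A < bound:
        raise ValueError("A must satisfy 0 <= A < (P_1-1)...(P_m-1)")
    B, D = [], A
    for p in primes:
        D, r = divmod(D, p - 1)          # divider 102_k: quotient and remainder
        B.append(r + 1)                  # adding machine 103_k
    return B


def candidate_from_A(A, primes=SMALL_PRIMES, n=32):
    """n-bit prime candidate from a single random number A (1st embodiment)."""
    return combine(residues_from_A(A, primes), primes, n)


def candidate_from_Ak(A_k, primes=SMALL_PRIMES, n=32):
    """n-bit prime candidate from independent A_k, 0 <= A_k < P_k-1 (2nd embodiment)."""
    return combine([a + 1 for a in A_k], primes, n)


if __name__ == "__main__":
    bound = prod(p - 1 for p in SMALL_PRIMES)
    A = secrets.randbelow(bound)                       # random number generator 101
    c1 = candidate_from_A(A)
    A_k = [secrets.randbelow(p - 1) for p in SMALL_PRIMES]   # generators 201_k
    c2 = candidate_from_Ak(A_k)
    for c in (c1, c2):
        print(c, c.bit_length(), [c % p for p in SMALL_PRIMES])
```

Every output lies in the window from Q·M to (Q+1)·M − 1 described in paragraph [0031] and has no factor among the listed primes; it is only a candidate and still has to pass the primality judgment described in paragraph [0004].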
[0032] Next, a 2nd embodiment is described. Drawing 2 is a functional block diagram showing a 2nd embodiment of a pseudorandom-numbers generator by this invention. Below, with reference to this figure, a 2nd embodiment of a pseudorandom-numbers generator by this invention is described, and an embodiment of the corresponding pseudorandom-numbers generation method by this invention is described simultaneously. In drawing 2, the same numerals are given to the same elements as in drawing 1, and explanation about them is omitted here.
[0033] This pseudorandom-numbers generator 6 differs from the pseudorandom-numbers generator 2 of drawing 1 in that the random number generator 101 of drawing 1 is replaced by two or more random number generators $201_k$, and in that each divider $102_k$ is deleted in the 1st calculating means 5, which is equivalent to the 1st calculating means 4. Namely, in this pseudorandom-numbers generator 6, a random number generator $201_k$ is provided corresponding to each adding machine $103_k$. A clock signal is inputted into each random number generator $201_k$ through the input terminal 180, and an integer $(P_k-1)$ is supplied through the input terminal 290 corresponding to each random number generator $201_k$. Each time a clock pulse of the clock signal is inputted, each random number generator $201_k$ generates a pseudorandom number $A_k$ satisfying $0 \le A_k < (P_k-1)$ and outputs it to the corresponding adding machine $103_k$. In this pseudorandom-numbers generator 6, each random number generator $201_k$ thus generates a pseudorandom number $A_k$ equivalent to the integer $D_k \bmod (P_k-1)$ which the above-mentioned divider $102_k$ (drawing 1) outputs, and each part from adding machine $103_k$ onward operates as in the case of the above-mentioned embodiment and generates an $n$-bit integer as a candidate for a prime number. Therefore, this embodiment acquires the same effect as the above-mentioned embodiment and, although the number of random number generators increases, $m$ dividers become unnecessary, so a candidate for a prime number can be generated at still higher speed than in the above-mentioned embodiment.

[0034] Next, a 3rd embodiment is described. Drawing 3 is a functional block diagram showing a 3rd embodiment of a pseudorandom-numbers generator by this invention. Below, with reference to this figure, a 3rd embodiment of a pseudorandom-numbers generator by this invention is described, and an embodiment of the corresponding pseudorandom-numbers generation method by this invention is described simultaneously. In drawing 3, the same numerals are given to the same elements as in drawing 2, and explanation about them is omitted here.

[0035] This pseudorandom-numbers generator 8 differs from the pseudorandom-numbers generator 6 of drawing 2 in that each multiplier $104_k$ of drawing 2 is replaced by a ROM (read only memory) $301_k$, respectively, and the remainder arithmetic machine 106 is replaced by adding machines $303_1$, $303_2$ and ROMs $302_1$ and $302_2$. First, the added result of each adding machine $103_k$ is inputted into the address terminal of each ROM $301_k$, and the data which each ROM $301_k$ holds is supplied to the adding machine 105 from the data output terminal of each ROM $301_k$. At address $y$ ($y$ is a nonnegative integer) of each ROM $301_k$, the value of the integer $a_k (P_1 P_2 \cdots P_m / P_k)\, y$ is written in as data, and therefore each ROM $301_k$ achieves the same function as each multiplier $104_k$. The integer $B_k$ is inputted into each ROM $301_k$ from each adding machine $103_k$, and this value is small. Therefore, since a ROM with a small maximum address and a small storage capacity can be used for each ROM $301_k$, such a composition is easily realizable.

[0036] On the other hand, among the two or more bits which constitute output data of the adding machine 105, the $n$ bits on the low-order side are supplied to one input terminal of adding machine $303_1$ and the remaining bits are supplied to the address terminal of ROM $302_1$, respectively, and output data of ROM $302_1$ is supplied to the other input terminal of adding machine $303_1$. Among the two or more bits which constitute output data of adding machine $303_1$, the $n$ bits on the low-order side are supplied to one input terminal of adding machine $303_2$ and the remaining bits are supplied to the address terminal of ROM $302_2$, respectively, and output data of ROM $302_2$ is supplied to the other input terminal of adding machine $303_2$.

[0037] At address $z$ ($z$ is a nonnegative integer) of each of ROM $302_1$ and $302_2$, the value of the integer $2^n z \pmod{P_1 P_2 \cdots P_m}$ is written in as data. As a result, these adding machines $303_1$, $303_2$ and ROMs $302_1$ and $302_2$ achieve the function of the remainder arithmetic machine 106, and the integer $X$ is outputted from adding machine $303_2$. The integer $z$ inputted into each ROM $302_1$ and $302_2$ is at most $m$, and since the value of $m$ is small, a ROM with a small storage capacity can be used and such a composition can be realized easily.

[0038] According to this 3rd embodiment, the same effect as in the case of the pseudorandom-numbers generator 6 mentioned above is acquired and, further, since a multiplier and a remainder arithmetic machine are not used, a candidate for a prime number can be generated at still higher speed. Although in this 3rd embodiment the multiplier and the remainder arithmetic machine which constitute the 2nd embodiment were replaced with ROMs and adding machines, it is of course also possible to replace the multiplier and the remainder arithmetic machine with ROMs and adding machines similarly in the 1st embodiment and to attain improvement in the speed of processing.
[0039] 

[Effect of the Invention] As explained above, the pseudorandom-numbers generation method of this invention is provided with the following.

With $m$ a positive integer and $P_1, P_2, \ldots, P_m$ two or more prime numbers, the random number generation step which generates, by a random number generation means, a pseudorandom number $A$ satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, based on the given integer $(P_1-1)(P_2-1)\cdots(P_m-1)$.

With $D_k$ the integers given by $D_1 = A$ and by the formula $D_k = D_{k-1}/(P_{k-1}-1)$ for integers $k$ from 2 to $m$, with $B_k$ the two or more integers given by the formula $\{D_k \bmod (P_k-1)\}+1$ for positive integers $k$ up to $m$, and with $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, the 1st arithmetic step that computes, using a remainder arithmetic means, an adding means, and a multiplication means, the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, the 2nd arithmetic step that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ by an adding means and outputs the integer so generated.

[0040] The pseudorandom-numbers generator of this invention is provided with the following.

With $m$ a positive integer and $P_1, P_2, \ldots, P_m$ two or more prime numbers, a random number generation means to generate a pseudorandom number $A$ satisfying $0 \le A < (P_1-1)(P_2-1)\cdots(P_m-1)$, based on the inputted integer $(P_1-1)(P_2-1)\cdots(P_m-1)$.

With $D_k$ the integers given by $D_1 = A$ and by the formula $D_k = D_{k-1}/(P_{k-1}-1)$ for integers $k$ from 2 to $m$, with $B_k$ the two or more integers given by the formula $\{D_k \bmod (P_k-1)\}+1$ for positive integers $k$ up to $m$, and with $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, the 1st calculating means, including the remainder arithmetic means, adding means, and multiplication means, which computes the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, the 2nd calculating means that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ and outputs the integer so generated.



[0041] That is, in this invention, since the integer $X$ with a high probability of being a prime number is computed by a predetermined expression from the pseudorandom number $A$, one candidate for a prime number is always generated for the one pseudorandom number $A$. Therefore, compared with the conventional method which generates many integers at random and sorts out candidates, the candidate for a prime number can be obtained in an extremely short time. Conventionally, division needed to be done in order to investigate whether an integer is a candidate, but in this invention division is unnecessary, so the device can be constituted at low cost without using a divider.

[0042] The pseudorandom-numbers generation method of this invention is provided with the following.

With $m$ a positive integer, $k$ a positive integer up to $m$, and $P_1, P_2, \ldots, P_m$ two or more prime numbers, the random number generation step which, based on two or more given integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$, generates by two or more random number generation means, respectively, two or more pseudorandom numbers $A_k$ satisfying $0 \le A_k < (P_k-1)$.

With $B_k$ the two or more integers given by the formula $A_k + 1$, and $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, the 1st arithmetic step that computes, using a remainder arithmetic means, an adding means, and a multiplication means, the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, the 2nd arithmetic step that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ by an adding means and outputs the integer so generated.

[0043] The pseudorandom-numbers generator of this invention is provided with the following.

With $m$ a positive integer, $k$ a positive integer up to $m$, and $P_1, P_2, \ldots, P_m$ two or more prime numbers, two or more random number generation means to generate, respectively, two or more pseudorandom numbers $A_k$ satisfying $0 \le A_k < (P_k-1)$, based on the two or more inputted integers $(P_1-1), (P_2-1), \ldots, (P_m-1)$.

With $B_k$ the two or more integers given by the formula $A_k + 1$, and $a_k$ two or more integers satisfying the congruence $a_k (P_1 P_2 \cdots P_m / P_k) \equiv 1 \pmod{P_k}$, the 1st calculating means, including the remainder arithmetic means, adding means, and multiplication means, which computes the integer $X$ expressed by the formula $X = a_1 (P_1 P_2 \cdots P_m / P_1) B_1 + a_2 (P_1 P_2 \cdots P_m / P_2) B_2 + \cdots + a_m (P_1 P_2 \cdots P_m / P_m) B_m \pmod{P_1 P_2 \cdots P_m}$.

With $n$ a positive integer and $Q$ an integer satisfying the conditions $2^{n-1} \le Q P_1 P_2 \cdots P_m$ and $(Q+1) P_1 P_2 \cdots P_m \le 2^n$, the 2nd calculating means that adds the integer $Q P_1 P_2 \cdots P_m$ to said integer $X$ and outputs the integer so generated.

[0044] That is, in this invention, since the integer $X$ with a high probability of being a prime number is computed by a predetermined expression from two or more pseudorandom numbers $A_k$, one candidate for a prime number is always generated for one set of pseudorandom numbers. Therefore, compared with the conventional method which generates many integers at random and sorts out candidates, the candidate for a prime number can be obtained in an extremely short time. Conventionally, division needed to be done in order to investigate whether an integer is a candidate, but in this invention division is unnecessary, so the device can be constituted at low cost without using a divider.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a functional block diagram showing the 1st embodiment of the pseudorandom-numbers generator by this invention.

[Drawing 2] It is a functional block diagram showing a 2nd embodiment of the pseudorandom-numbers generator by this invention.

[Drawing 3] It is a functional block diagram showing a 3rd embodiment of the pseudorandom-numbers generator by this invention.

[Drawing 4] It is a flow chart which shows how to generate the candidate of the conventional prime number.

[Description of Notations]

2, 6, 8 .... A pseudorandom-numbers generator
4, 5 .... The 1st calculating means
101, $201_1$, $201_2$, ..., $201_m$ .... A random number generator
105, 107, $103_1$, $103_2$, ..., $103_m$, $303_1$, $303_2$ .... Adding machine
106, $102_1$, $102_2$, ..., $102_m$ .... Remainder arithmetic machine
$104_1$, $104_2$, ..., $104_m$ .... A multiplier
$301_1$, $301_2$, ..., $301_m$, $302_1$, $302_2$ .... ROM (read only memory)



